It can be done by restricted shell + some special configuration, and I did so on an HP-UX system several years ago.
On a Linux system, it can be done as follows:
1. copy /bin/bash to /bin/rbash (restricted shell)
# cp -a /bin/bash /bin/rbash
2. create the user with its shell "/bin/rbash". e.g.:
# useradd -c "A Restricted User" -g users -d /home/xxx -s /bin/rbash xxx
3. create its home but owned by root
# rm -rf /home/xxx; mkdir -m 555 /home/xxx
4. copy commands that the user needs to its home/bin
e.g.:
# mkdir -m 555 /home/xxx/bin
# cp -a /bin/ls /home/xxx/bin
# cp -a /usr/bin/passwd /home/xxx/bin
Some commands require library files under /usr/lib, so when such a command is copied, its library file needs to be copied to the directory /home/xxx/lib as well.
5. restrict the user to /home/xxx/bin
# echo "export PATH=/home/xxx/bin" > /home/xxx/.bash_profile
# chmod 444 /home/xxx/.bash_profile
6. reset the account's password and release it to the end user
# passwd xxx
P.S. basic stuff
# ls -alR /home/xxx
/home/xxx:
total 16
dr-xr-xr-x 3 root root 4096 Feb 16 13:22 .
drwxr-xr-x 19 root root 4096 Feb 16 13:05 ..
-r--r--r-- 1 root root 26 Feb 16 13:10 .bash_profile
dr-xr-xr-x 2 root root 4096 Feb 16 13:34 bin
/home/xxx/bin:
total 28
dr-xr-xr-x 2 root root 4096 Feb 16 13:34 .
dr-xr-xr-x 3 root root 4096 Feb 16 13:22 ..
-r-s--x--x 1 root root 17700 Jun 26 2004 passwd
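
A check of the layout from steps 3 to 5, as an added example that is not part of the original post: it confirms that the home directory, its bin directory, the copied commands and .bash_profile belong to the expected owner with no write bit set, and that the profile pins PATH to the private bin directory. The function names and the FINDING output format are this example's own, and it assumes `stat -c` as found on Linux.

```shell
#!/bin/sh
# Added example: audits the restricted-user layout built in steps 3-5.
# Function names and output format are hypothetical, not from the post.

# Helper: flag a path not owned by $owner or with any write bit set.
check_entry() {
    u=$(stat -c %U "$1"); m=$(stat -c %a "$1")
    if [ "$u" != "$owner" ]; then
        echo "FINDING: $1 is owned by $u, expected $owner"
        findings=$((findings + 1))
    fi
    # %a is octal (e.g. 555 or 4511); 0222 masks the three write bits.
    if [ $(( 0$m & 0222 )) -ne 0 ]; then
        echo "FINDING: $1 is writable (mode $m)"
        findings=$((findings + 1))
    fi
}

# audit_restricted_home HOME_DIR [OWNER]   (OWNER defaults to root)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_restricted_home() {
    home=$1
    owner=${2:-root}
    findings=0

    # Steps 3-5: these must exist and be locked down, otherwise the user
    # can replace the profile or drop extra commands into bin.
    for p in "$home" "$home/bin" "$home/.bash_profile"; do
        if [ ! -e "$p" ]; then
            echo "FINDING: $p is missing"; findings=$((findings + 1))
            continue
        fi
        check_entry "$p"
    done

    # Step 4: every copied command gets the same check.
    for f in "$home"/bin/*; do
        if [ -e "$f" ]; then check_entry "$f"; fi
    done

    # Step 5: the profile must set PATH to the private bin directory only.
    if [ -f "$home/.bash_profile" ] &&
       ! grep -qxF "export PATH=$home/bin" "$home/.bash_profile"; then
        echo "FINDING: .bash_profile does not set PATH=$home/bin"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

if [ $# -gt 0 ]; then audit_restricted_home "$@"; fi
```

Run it as root with the account's home directory as the argument, e.g. `sh audit.sh /home/xxx`, where audit.sh is whatever name the script was saved under.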